Fixed leakage of GCP API key through TTS error message

rozbb · Mar 13, 2023 · 8533b01 · 8533b01
1 parent cf559f8
commit 8533b01
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/server/src/tts.rs b/server/src/tts.rs
@@ -85,6 +85,14 @@ pub(crate) fn get_api_key() -> Result<String, AnyError> {
     })
 }
 
+/// Redacts the API key out of the TTS error message
+fn redact_error(mut e: reqwest::Error) -> reqwest::Error {
+    // The API key is specified by `?key=...`. Overwriting the query section of the URL will make
+    // this go away
+    e.url_mut().map(|u| u.set_query(Some("key=REDACTED")));
+    e
+}
+
 /// Speaks text string of length at most MAX_CHARS_PER_REQUEST. Returns an error if length exceeds,
 /// or an error occurs in the Google Cloud API call.
 pub(crate) async fn tts_single(api_key: &str, req: &TtsRequest) -> Result<Bytes, AnyError> {
@@ -106,6 +114,7 @@ pub(crate) async fn tts_single(api_key: &str, req: &TtsRequest) -> Result<Bytes,
         .await
         .with_context(|| "Couldn't make TTS request")?
         .error_for_status()
+        .map_err(redact_error)
         .with_context(|| "TTS request failed")?;
 
     // The resulting JSON response has our MP3 data